Don't worry! It's not for malicious purposes, just for my person learning. I want to create a key logger that will act as a service, so no window will appear. Also I would like it to send a file of the keys entered once a day to an email. I also want this file to be as hard to find as possible (ie a hidden file). The format I would like the file to be is:
Window name/page name
Keys entered...
Keys entered...
Keys entered...
Window name/page name
Keys entered...
Keys entered...
Keys entered...
Window name/page name
Keys entered...
Keys entered...
Keys entered...
etc...
So basically, I'm not sure what tools I should use for this. Can I do it all in a console application and just hide the console window? I realize I will need to use one of the transfer protocols for sending it to an email, but I don't know which one (I don't know much about programming with a network at all). So, any and all advice is welcome! But, please don't just give me the code. I want to write it all myself. Just having trouble with starting it.
You cannot interact with the desktop from a service running as LOCAL SYSTEM due to session isolation security (there is a workaround to this) and you can't access the network except from network account.
You cannot interact with the desktop from a service running as LOCAL SYSTEM due to session isolation security (there is a workaround to this) and you can't access the network except from network account.
It means you cannot display even a banal message box, you cannot spawn another GUI process, you cannot access HKEY_CURRENT_USER registry hive, etc from a windows service in windows vista or later.
Microsoft called this feature "session 0 isolation". http://msdn.microsoft.com/en-us/library/bb756986.aspx
You need another exe which load the DLL which load keyboard hook. The exe will run with administrative privileges, allowing you to catch keystrokes sent to elevated applications, which is not normally possible.
If you run in 64-bit mode you need 2 exe and 2 DLLs, apart from the service itself. A 32-bit DLL cannot be injected in a 64-bit process.